The Wayback Machine - https://web.archive.org/web/20220614155045/https://github.com/go-gitea/gitea/issues/19439
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[API] Delete Yourself #19439

Open
6543 opened this issue Apr 20, 2022 · 7 comments
Open

[API] Delete Yourself #19439

6543 opened this issue Apr 20, 2022 · 7 comments
Labels
good first issue kind/api kind/feature

Comments

@6543
Copy link
Member

@6543 6543 commented Apr 20, 2022

the user should have an api to delete his own account

you just have to look at

gitea/routers/api/v1/admin/user.go

Lines 307 to 320 in a7f0ce6

if err := user_service.DeleteUser(ctx.ContextUser); err != nil {
if models.IsErrUserOwnRepos(err) ||
models.IsErrUserHasOrgs(err) ||
models.IsErrUserOwnPackages(err) {
ctx.Error(http.StatusUnprocessableEntity, "", err)
} else {
ctx.Error(http.StatusInternalServerError, "DeleteUser", err)
}
return
}
log.Trace("Account deleted by admin(%s): %s", ctx.Doer.Name, ctx.ContextUser.Name)
ctx.Status(http.StatusNoContent)
}

@6543
Copy link
Member Author

@6543 6543 commented Apr 20, 2022
edited

I would propose DELETE /user

and add some "save" mechansim like a option in body to say YES ... ?

@Gusted
Copy link
Member

@Gusted Gusted commented Apr 21, 2022

What's the point of a save mechanism?

The API then will need two requests from those who utilize it.
Those that use the API as a front-end wrapper, such as GitNex, could display a "Are you sure" screen for this action ahead of time and avoid having to deal with our save mechanism to show such a screen to the user.

Most use-cases for this API call, will just make the two requests unconditionally, which, if you ask me, is a waste of resources.

@6543
Copy link
Member Author

@6543 6543 commented Apr 21, 2022

also an opinion ...

@jolheiser
Copy link
Member

@jolheiser jolheiser commented Apr 21, 2022

I agree with @Gusted, a raw API has no need for a confirmation. That is a front-end job.

@6543
Copy link
Member Author

@6543 6543 commented Apr 21, 2022

ok so let it be one request to let them delete all ;)

@techknowlogick techknowlogick changed the title [API] Delete Yourselve [API] Delete Yourself Apr 21, 2022
@mscherer
Copy link
Contributor

@mscherer mscherer commented Apr 29, 2022

In fact, wouldn't it be better to have the API mark the user "to be deleted" and delete after X weeks ? This would make revert easier, in case someone account is compromised.

@6543
Copy link
Member Author

@6543 6543 commented Apr 29, 2022

good idea, will require extra work for ALL delete and GET fuctions from models, so i thin it's a own issue (and worth it's own pull)

@6543 6543 mentioned this issue Apr 29, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
good first issue kind/api kind/feature
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mscherer @6543 @Gusted @jolheiser